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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after t he mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1)[3 Responsive to communication(s) filed on 30 October 2003 . 
2a)D This action is FINAL. 2b)E3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) KI Claim(s) 1-23 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) |3 Claim(s) 1-23 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 30 October 2003 is/are: a)D accepted or b)l3 objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (0- 
a)D All b)D Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 

3. Q Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
" See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

1. This Office Action is responsive to the following communication: Original Application filed 
on 30 October 2003. 

2. Claims 1-23 are pending and present for examination. Claims 1, 13, and 23 are 
independent. 

Drawings 

3. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they 
include the following reference character(s) not mentioned in the description: 

■ Reference characters 106 and 109 of Figure 1; and 

■ Reference characters 412A-C and 426. 

Corrected drawing sheets in compliance with 37 CFR 1.121(d), or amendment to the 
specification to add the reference character(s) in the description in compliance with 37 CFR 
1.121(b) are required in reply to the Office action to avoid abandonment of the application. Any 
amended replacement drawing sheet should include all of the figures appearing on the 
immediate prior version of the sheet, even if only one figure is being amended. Each drawing 
sheet submitted after the filing date of an application must be labeled in the top margin as either 
"Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are not 
accepted by the examiner, the applicant will be notified and informed of any required corrective 
action in the next Office action. The objection to the drawings will not be held in abeyance. 

4. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(5) because they 
do not include the following reference sign(s) mentioned in the description: 

- Reference character 412 in Paragraphs [0029]-[0030]. 

Corrected drawing sheets in compliance with 37 CFR 1.121(d) are required in reply to the 
Office action to avoid abandonment of the application. Any amended replacement drawing sheet 
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should include all of the figures appearing on the immediate prior version of the sheet, even if 
only one figure is being amended. Each drawing sheet submitted after the filing date of an 
application must be labeled in the top margin as either "Replacement Sheet" or "New Sheet" 
pursuant to 37 CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will 
be notified and informed of any required corrective action in the next Office action. The objection 
to the drawings will not be held in abeyance. 

Claim Rejections - 35 USC§ 112 

5. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and 
distinctly claiming the subject matter which the applicant regards as his invention. 

6. Claims 4 and 16-20 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

7. As per dependent claim 4 and 16-20, the phrase "infix/prefix hybrid" renders the 
claim indefinite because it is unclear whether either infix or hybrid, or both infix and hybrid are 
claimed as limitation(s) as part of the claimed invention. See MPEP § 2173.05(d). 

Claim Rejections - 35 USC § 102 

8. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

■ (b) the invention was patented or described in a printed publication in this or a foreign country or 

in public use or on sale in this country, more than one year prior to the date of application for 
patent in the United States. 

9. Claim 1-3, 6, 9, 11, 13-15, and 21 are rejected under 35 U.S.C. 102(b) as being 
anticipated by Daniel et al (U.S. Patent No. 5,32,837, hereinafter referred to as DANIEL), filed on 
11 October 1991, and issued on 14 June 1994. 
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10. As per independent claims 1 and 13, DANIEL teaches: 

An expression editor comprising: 

an expression tree representing an expression in prefix notation {See 
daniel, Figure 6\ . the expression including a plurality of operators and operands 

{See DANIEL, Figure 6 >: and 

a plurality of infix operators corresponding with the plurality of operators 

inserted into the prefix expression tree {See DANIEL, col. 4, lines 62-67, wherein this reads 
over "a generic parser which first converts the expression into an infix binary expression tree 
containing relational and Boolean operators. The filter table parser then converts the tree into a 
prefix data stream for high performance string-based evaluation"} , wherein the plurality of 

operands and infix operators represent the expression in infix notation {See 

DANIEL, Figures 5-6; and col. 4, line 67 - col. 5, line 2, wherein this reads over "a single stream 
prefix expression that contains a length, a Boolean or relational operator"},, 

11. As per dependent claims 2 and 14, DANIEL teaches: 

The expression editor of claim 1. wherein the plurality of operators are 

represented Symbolically {See DANIEL, Figure 6, wherein the "EQUAL" or function is 
represented by "EQ"}^ 

12. As per dependent claims 3 and 15, DANIEL teaches: 

The expression editor of claim 2, wherein the plurality of infix operators 

are represented textuallv {See DANIEL, Figure 5, wherein the "AND" function is displayed 
textually as "AND"}.. 

13. As per dependent claims 6 and 21, DANIEL teaches: 

The expression editor of claim 1. wherein the expression comprises a 
Boolean expression, the operators comprise Boolean operators, and the 
expression tree comprises a Boolean expression tree {See daniel, Figures 5-6}^ 

14. As per dependent claim 9, DANIEL teaches: 

The expression editor of claim 1. wherein the plurality of operands and 
infix operators represent the expression in infix notation when read left-to-right 
and top-to-bottom {See DANIEL, Figure 6, wherein this reads over "*OR *EQ 
*FRU1T X APPLE' *EQ *FRUIT Tear'"}, 

15. As per dependent claim 11, the subject matter of the claim is inherent since an 
insertion or deletion of an operator would always change the presence or absence of the 
corresponding infix operator. 



Claim Rejections - 35 USC § 103 
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16. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or 
described as set forth in section 102 of this title, if the differences between the subject matter 
sought to be patented and the prior art are such that the subject matter as a whole would 
have been obvious at the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be negatived by the manner 
in which the invention was made. 

17. Claims 4 and 16 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
DANIEL, as applied to claims 1-3, 6, 9, 11, 13-15, AND 21, in view of Wiegel (U.S. Patent No. 
6,484,261, hereinafter referred to as WIEGEL), filed 11 December 1998, and issued on 19 
November 2002, and Official Notice. 

DANIEL teaches the limitations of claims 1-3, 6, 9, 11, 13-15, AND 21 for the reasons 
stated above. 

DANIEL differs from the claimed invention in that DANIEL fails to disclose an expression 
editor wherein the expression tree comprises a prefix tree side and an infix/prefix hybrid side 
containing the operands and the infix operators (claims 4 and 16). 

18. As per dependent claims 4 and 16, DANIEL, in combination with WIEGEL and Official 
Notice/discloses: 

The expression editor of claim 1, wherein the expression tree {See daniel, 
Figure 6> comprises: 

a prefix tree side containing the operators and the tree structure 

{See DANIEL, Figure 6 >. and 

an infix/prefix hybrid side containing the operands and the infix 

Operators (See DANIEL, Figures 5-6; and col. 4, line 67 - col. 5, line 2, wherein this 
reads over "a single stream prefix expression that contains a length, a Boolean or relational 

operator" }, wherein the prefix tree side is to the left of an invisible line and 
the infix/prefix hybrid side is to the right of the invisible line {See 
WIEGEL, Figure 3K 

The combination of the inventions disclosed in DANIEL and WIEGEL would disclose an 
expression editor, wherein the prefix tree side contains operators, a tree structure, and an 
infix/prefix hybrid side containing the operands and the infix operators. Additionally, the 
combination of inventions disclosed in DANIEL and WIEGEL would disclose an invisible line which 
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divided the prefix tree side to the left and the infix/prefix hybrid side to the right of the invisible 
line. Additionally, it would have been obvious to one of ordinary skill in the art at the time the 
invention was claimed to combine a prefix tree side and infix/prefix hybrid side into an expression 
tree. Therefore, it would have been obvious to one of ordinary skill in the art at the time the 
invention was made to combine the inventions suggested by DANIEL and WIEGEL, and in view of 
Official Notice. 

One of ordinary skill in the art would have been motivated to do this modification so that 
the Boolean expression tree may be more readable. 
41 19. Claim^is rejected under 35 U.S.C. 103(a) as being unpatentable over DANIEL, as 
applied to claims 1-3, 6, 9, 11, 13-15, AND 21, in view of WIEGEL. 

DANIEL teaches the limitations of claims 1-3, 6, 9, 11, 13-15, AND 21 for the reasons 
stated above. 

DANIEL differs from the claimed invention in that DANIEL fails to disclose an expression 
editor wherein each operator of the expression tree has a corresponding expansion box that is 
operable by a user to show or hide the operands of the corresponding operator (claim 5). 

DANIEL differs from the claimed invention in that DANIEL fails to disclose a network 
security system (claim 23). 

20. As per dependent claim 5, DANIEL, in combination with WIEGEL, discloses an 
expression editor, wherein each operator of the expression tree has a corresponding expansion 
box {See wiegel, Figures 3 and 9} that is operable by a user to show or hide the operands of the 
corresponding operator. 

The combination of the inventions disclosed in DANIEL and WIEGEL would disclose an 
expression editor, wherein each operator of the expression tree has a corresponding expansion 
box (i.e. the box icons which collapse/expand the tree upon a user's click) that is operable by a 
user to show or hide the operands of the corresponding operator. Therefore, it would have been 
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obvious to one of ordinary skill in the art at the time the invention was made to combine the 
inventions suggested by DANIEL and WIEGEL 

One of ordinary skill in the art would have been motivated to do this modification so that 
operands of the corresponding operator may be hidden or shown at the user's election. 
21. As per dependent claim 23, DANIEL, in combination with WIEGEL, discloses a 
network security system comprising: 

A plurality of software agents to collect security events from a plurality of 

monitor devices (See WIEGEL, col. 9, lines 18-19, wherein this reads over"[r]ule-based security . 
policies force a firewall server to perform inefficient, linear evaluations"}^ 

A manager {See WIEGEL, col. 14, liens 12-15, wherein this reads over "the mechanism 
concurrently creates and stores a script that expresses the security policy in the form of a simple 

procedural computer program"} including a rules engine to correlate the collected 1 
security events according to a set of rules {See wiegel, col. 9, lines 50-51, wherein this 

reads over "[d]ecision tree-based security policies are applied to each incoming session"> ; and 

A console interface to edit a rule from the set of rules using a graphical 
user interface {See wiegell, Figures 3, 4A-G, and 8A-D; and }, the graphical user 
interface comprising a Boolean expression tree to represent the rule in prefix 
notation {See daniel, Figure 6}, the rule including a plurality of operators and 
operands {See daniel, Figure 6> . and a plurality of infix operators corresponding 
with the plurality of operators inserted into the Boolean expression tree {See 

DANIEL, col. 4, lines 62-67, wherein this reads over "a generic parser which first converts the 
expression into an infix binary expression tree containing relational and Boolean operators. The filter 
table parser then converts the tree into a prefix data stream for high performance string-based 

evaluation ^, wherein the plurality of operands and infix operators represent the 

rule in infix notation {See DANIEL, Figures 5-6; and col. 4, line 67 - col. 5, line 2, wherein this 
reads over "a single stream prefix expression that contains a length, a Boolean or relational 
operator"}. 

The combination of the inventions disclosed in DANIEL and WIEGEL would disclose a 
network security system comprising of a plurality of software agents and a manger for correlating 
security events according to a set of rules. Therefore, it would have been obvious to one of 
ordinary skill in the art at the time the invention was made to combine the inventions suggested 
by DANIEL and WIEGEL 

One of ordinary skill in the art would have been motivated to do this modification so that 
a user may easily, using a console interface, edit a rule which would allow the related software 
agents to collect security events from a plurality of monitor devices. 
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22. Claims 7-8 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
DANIEL, as applied to claims 1-3, 6, 9, 11, 13-15, AND 21, in view of Ahlstrom et al (U.S. Patent 
No. 6,301,613, hereinafter referred to as AHLSTROM), filed on 3 December 1998, and issued on 
9 October 2001. 

DANIEL teaches the limitations of claims 1-3, 6, 9, 11, 13-15, AND 21 for the reasons 
stated above. 

DANIEL differs from the claimed invention in that DANIEL fails to disclose an expression 
editor wherein the Boolean expression comprises a rule in a network security system (claim 7). 

DANIEL differs from the claimed invention in that DANIEL fails to disclose an expression 
editor which comprises a rule editor of the network security system (claims 8 and 22). 

23. As per dependent claim 7, DANIEL, in combination with AHLSTROM, discloses an 
expression editor, wherein the Boolean expression comprises a rule in a network security system 

{See AHLSTROM, col. 6, lines 24-36, wherein this reads over "a Policy Condition is a Boolean expression defining the 
situation under which the policy system is to attempt to establish the consequent .... A Policy Consequent is a state of 
affairs that is to be brought about when the policy condition is satisfied, or an action that is to be taken or attempted 
when the policy condition is satisfied"}. 

The combination of inventions disclosed in DANIEL and AHLSTROM would disclose an expression 
editor, wherein the Boolean expression comprises a rule in a network system (i.e. a Policy condition which 
polices certain "Policy Consequents"). Therefore, it would have been obvious to one of ordinary skill in the 
art at the time the invention was made to combine the inventions suggested by DANIEL and AHLSTROM. 

One of ordinary skill in the art would have been motivated to do this modification so that 
the Boolean expressions claimed in the invention may be used to police a network security 
system. 

24. As per dependent claims 8 and 22, DANIEL, in combination with AHLSTROM, 
discloses an expression editor of claim 7, wherein the expression editor comprises a rule editor of 

the network security System {See AHLSTROM, col. 9, lines 9-12, wherein this reads over "Problem reporting may 
also involve displaying a policy editor window and accepting input from the user that defines a modification to a policy 
that will make it satisfiable"}^ 
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The combination of inventions disclosed in DANIEL and AHLSTROM would disclose an expression 
editor which comprises a rule editor of the network security system. Therefore, it would have been obvious 
to one of ordinary skill in the art at the time the invention was made to combine the inventions suggested 
by DANIEL and AHLSTROM. 

One of ordinary skill in the art would have been motivated to do this modification so that 
rules pertaining to the network security system may be edited. 

25. Claims 10 and 12 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
DANIEL, as applied to claims 1-3, 6, 9, 11, 13-15, AND 21, in view of Coden et al (U.S. Patent 
No. 6,263,328, hereinafter referred to as CODEN), filed 9 April 1999, and issued on 17 June 
2001. 

DANIEL teaches the limitations of claims 1-3, 6, 9, 11, 13-15, AND 21 for the reasons 
stated above. 

DANIEL differs from the claimed invention in that DANIEL fails to disclose an expression 
editor wherein the infix operators include parentheses to indicate the order of operations implicit 
in the expression tree (claim 10). 

DANIEL differs from the claimed invention in that DANIEL fails to disclose an expression 
editor wherein an insertion' of deletion of parentheses indicating an order of operations for the 
infix notation of the expression is reflected by a change in the structure of the expression tree to 
implicitly represent the changed order of operations (claim 12). 

26. As per dependent claim 10, DANIEL, in combination with CODEN, discloses an 
expression editor of claim 1, wherein the infix operators include parentheses to indicate the order 
of operations implicit in the expression tree {See coden, Fig. isa}. 

The combination of invention disclosed in DANIEL and CODEN would disclose an expression editor . 
wherein the infix operators included parentheses to indicate the order of operations. Therefore, it would 
have been obvious to one of ordinary skill in the art at the time the invention was made to combine the 
inventions suggested by DANIEL and CODEN. 



Application/Control Number: 10/698,814 Page 10 

Art Unit: 2161 

One of ordinary skill in the art would have been motivated to do this modification so that 
the Boolean expression may be processed according to the order set by the parentheses. 

27. As per dependent claim 12, DANIEL, in combination with CODEN discloses an 
expression editor, wherein an insertion or deletion of parentheses indicating an order of 
operations for the infix notation of the expression {See coden, Figure i5A} is reflected by a change 
in the structure of the expression tree to implicitly represent the changed order of operations {See 

CODEN; Figure 15C-1 & 15C-2}. 

The combination of invention disclosed in DANIEL and CODEN would disclose an 
expression editor wherein the insertion or deletion of parentheses would change the order of 
operations. Therefore, it would have been obvious to one of ordinary skill in the art at the time 
the invention was made to combine the inventions suggested by DANIEL and CODEN. 

One of ordinary skill in the art would have been motivated to do this modification so that 
the order of operations may be altered through the insertion or deletion of parentheses. 

Allowable Subject Matter 

28. Claims 17-20 would be allowable if rewritten to overcome the rejection(s) under 35 

. U.S.C. 112, 2nd paragraph, set forth in this Office action and to include all of the limitations of 
the base claim and any intervening claims. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Paul Kim whose telephone number is (571) 272 2737. The examiner can 
normally be reached on M-F, 9am - 5pm. - 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Jeffrey Gaffin can be reached on (571)272-4146. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished . 
applications is available through Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 

Paul Kim 

Patent Examiner, Art Unit 2161 
Technology Center 2100 
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